Still, it felt strange that two process were started instead of just one. It took a bit of investigating to find the reason for this behavior.

When you look at both processes you will notice that they act independently of each other. You can see that for instance by looking at the memory usage or cpu utilization.

I’d like to point out that you need to make sure that the two explorer.exe processes, or at least one of them, is not malicious in nature. It is a good idea to check the path first, if you see a different path for one process you may have a virus problem. You can check both explorer.exe files then over at services like Virus Total to check the files for malicious contents.

A settings in the Folder Options configuration of Windows Explorer explains the existence of two explorer.exe processes. Open Windows Explorer and click on Tools > Folder Options. Switch to the View tab there and scroll down until you find the following preference: Launch folder windows in a separate process.

If the preference is checked you have found the reason why two explorer.exe windows are running on your system. You can uncheck the option to have only one Windows Explorer process running at any time on the system.

The core reason for enabling the option is stability. It is usually safe to disable the feature so that only one explorer process is running on the PC.

Process Notifier is a lightweight portable alternative that can monitor one or multiple processes and notify the user via email if a process is started, closed, not found or found.

The program minimizes directly on startup, a right-click on the system tray icon displays all available options. A click on “Processes to Monitor” opens the configuration window where new processes can be added to the monitoring software.

You basically add the process executable file and configure the process state that you want monitored. It is optionally possible to add the process path to the software if you want to restart it in case it was found to be not running or closed on the system.

You can theoretically use the software to auto-restart processes that get terminated on the system. The email notifications are configured with a click on “E-Mail Settings”. Here it is important to add the recipient’s email address and the SMTP server settings.

The message subject and body can be customized. Both make use of placeholders that are listed in the menu as well. A screenshot can be attached to the system as well.

There are two additional configuration menus that you should look at. First the scan interval menu which defines the scan intervals on the system. The default value is set to 1 hour which many users may want to reduce, especially if they want to make sure that a process is always running on the system. A new interval in minutes can be configured for that.

The program preferences finally define if email and system tray notifications are enabled (which they are by default), if events are written to a text log and if all processes are scanned at startup.

Users can use the right-click menu to scan for processes manually.

Process Notifier is a lightweight program that is available as a 32-bit and 64-bit application for all recent versions of the Microsoft Windows operating system. The program is very robust despite that it has been released in version 0.0.2 beta by the developer. Windows users can download the portable software from the developer website.

Why bother checking?

Performance. Especially when you turn on your computer. The time it takes to load each piece of software adds up quickly, increasing your boot time. This can cause instability too. There is a chance that some of these programs could be harmful, but most antivirus programs check for them. The focus here is to figure out what is running on a computer, identify the programs, and introduce tools to help with the process.

Listing What is Running

The main tool to find out what is running in Windows is the Task Manager. Use Ctrl+Shift+Esc to open it directly. There are also a variety of alternatives to choose from. For a Linux system, use the ps command or use the System Monitor. These tools will list the programs and processes that are running on your computer. Some of them will be standard process that are a part of the operating system, but many will be foreign to even experienced users.

Known Processes

Here is a list of what would appear on a Windows XP system. To be clear, these programs are a part of Windows; they are needed. What each item does is an article unto itself. What is listed here is the file name and the pronounced name of the programs. This list can change for different versions of Windows. In time, a user should become familiar with these and the typical processes of their computer.

• csrss.exe – Client/Server Runtime Server Subsystem
• lsass.exe – Local Security Authority Service
• mdm.exe – Machine Debug Manager
• services.exe – Windows Service Controller

kl

• smss.exe – Session Manager Subsystem
• spoolsv.exe – Printer Spool Service
• svchost.exe – Service Host (expect to see it running multiple times)
• taskmgr.exe – The standard Task Manager itself.
• winlogon.exe – Windows Logon Process

Unknown Processes

Chances are that the list of programs running on a computer is a lot longer than the list above. Keep in mind that whatever you are doing will show up in that list (which is why taskmgr.exe will not show up if you use an alternative). For example, if you are running Firefox, expect to see firefox.exe in the list.

Figuring out what an unknown program is will help you decide if you really need it. There are two main methods: find where the file is and a Google search. (A third might be to look at a program file name (e.g. Mcshield.exe) and guess what it is (McAfee).) Windows 7 and Vista users can simply customize the view to show file paths. To search for a file manually, press Win+F to open the File Search. Alternatively, we recommend the replacement Locate32. Type in the name of the unknown program (including the .exe) and search. The key is to look at the location of the program, which should tell you what it does or who the author is (McAfee being another good example). The folder it is in will probably have a name you recognize and contain documentation (e.g. readme.txt). If things are not clear by this point, turn to Google. There are a variety of websites that have archives of processes and will tell you what they do. Neuber.com is commonly seen in search results and has a more extensive list than above.

Tools to Help

Ghacks has covered an extensive list of tools that can help you in this task. Here are just a few samples.

PC Decrapifier: This program identifies useless programs, provides information on them, and gives an option to remove them.

Malwarebytes: A tool that specializes in identifying and removing malware and spyware.

Spybot: A tool that can find and remove spyware, tracking cookies, etc.

msconfig: A tool that comes with Windows used to show and control what runs when a computer turns on.

Startup Control Panel: A program designed to make it easy to control what runs at boot on your computer and can integrate with the control panel.

Some Things to Consider

Once you know what is running on your system, think through and be careful with what you want to turn off. The instructions here are designed to help you “know what you are doing,” but one article can only teach you so much. It will cause a problem if you turn off something needed (via closing, altering settings, or uninstall); it will help your computer to get rid of rubbish programs.

The program is offered as a portable version and installer by its developers. Both versions offer the same functionality in all other aspects.

The software displays all listening ports, their protocol, process, process ID, associated services and company in the interface. This makes it relatively easy to identify specific ports directly in the program interface. Especially the associated services column can be helpful in identifying the responsible Windows services.

A right-click on a row opens a context menu with additional research options.

• Locate the executable file – Opens the folder that contains the process executable.
• Terminate this process – Terminates the process directly. May only be temporary if the process restarts automatically.
• Process services – Displays all services that are linked to the process.
• Google… – Research the port, process on Google.
• Wikipedia… – Research the port, process on Wikipedia.
• Usage statistics of this port – Look up statistics
• Port authority database – Provides information about most ports.

The menubar on top links to additional tools, commands and references. The tools menu links to Windows apps like the Services managements interface, the Task Manager, Registry Editor or Local Security Settings. Commands can run the netstat command to display all open connections, the task list and the system’s environment variables.

Internet references finally links to essays and white papers about ports and online security. Linked there are for instance BlackViper’s excellent website that is offering services configuration suggestions, lists of common port numbers or a Microsoft guide on how to configure a firewall for domains and trusts.

It is furthermore possible to display a short summary, and to export the current port list in detail. CloseTheDoor offers everything that one could hope for when analyzing open ports on a Windows machine. It is a solid alternative to CurrPorts. The software is compatible with all recent versions of the Microsoft Windows operating system. It tested fine on a 64-bit Windows 7 test system. Downloads of the portable version, installer and source code are available at the project website over at Sourceforge.

1. Open up a terminal window.
2. Issue the command sudo apt-get install bum.
3. Type your sudo password and hit Enter.
4. Accept any dependencies (if necessary).

Once the installation is complete, leave that terminal window open so you can start up the tool. Usage

Figure 1

To fire up BUM issue the command sudo bum. I assume you have administrative rights. If you do not you will not be able to use this tool. When you have BUM up and running it will default in basic mode. In this window (see Figure 1) you can select which services you want to run by checking or unchecking the associated check box. If you make a change to a service  you have to click the Apply button to apply the change. But when you simply uncheck (or check) a box you are changing the startup status of the service. In other words, that status will only change upon the next boot of the machine. You can alter a services current status from with BUM by selecting  service and then clicking Services > Start or Services > Stop. Advanced mode As I said, by default BUM starts in basic mode. This mode offers one tab which is just a system summary mode, which is meant as an overview mode. The advanced mode The advanced mode can be selected by selecting the check box next to Advanced in the bottom left corner of the main window. When you toggle this mode you will see two new tabs:

Figure 2

Services: This allows you to manage system services on a per-runlevel basis. To change the priority of a service click on the Services tab, select a service, right click the service and change the priority in the resulting window (see Figure 2). You will need to have a fairly good understanding of process priority in order to make changes here. Startup Shutdown scripts: This tab should be left alone as editing in Run Level 5 (graphic mode) is not allowed. Legend You will notice icons associated with services that indicate their status. The icons are the following:

• A lit light bulb: This means the script has generated a service and is currently running.
• A dark light bulb: This means the script has generated a service but is not currently running.
• A dash: This means the script runs once at boot (to generate a configuration or such).
• A Question mark: BUM is not able to detect if the script is running.

Final thoughts If you have been looking for a tool to help you manage what services/processes are started on your machine, BUM is a solid candidate for this task.

TCPEye basically displays those information in a graphical user interface. The application displays all processes that currently have a connection to a remote address. A remote address can be a device on the same computer network, or the Internet.

Each process is listed with its name, local and remote address, connection state, protocol, remote address country, process path and a handful of additional information about the program and company.

The displayed information can be saved or copied (to the clipboard) at anytime. A right-click on an entry, or the selection of the options menu at the top, lead to additional features. Available options include sending a process directly to the online virus checking service Virus Total, resolving addresses, terminating connections or processes, and the built-in Whois IP and Geo IP tools.

The direct upload option to Virus Total can be used to check any running process for malicious code. The file gets uploaded automatically by the application, providing that it is less than 10 Megabytes in size. The results of the scan are opened directly in the default web browser.

TCPEye is a handy netstat frontend that offers enough extra features to make it more than just an alternative. The application can be downloaded from Cnet.

Process Explorer shows you information about “which handles and DLLs processes have opened or loaded”. If you ever wanted to know what’s launching all those svchost processes, or why a process has been launched then Process Explorer is the tool to reveal those information.

But what’s new in Process Explorer 14? Take a look at this brief paragraph:

This major update to Process Explorer adds a slew of enhancements and new functionality including network and disk monitoring, an improved multi-tab system information dialog, additional memory statistics, a new column that shows aggregate CPU usage for a tree of processes, improved DLL scanning performance and accuracy, command-lines in process tree tooltips, support for more than 64 CPU systems, and more.

A few interesting additions. The tree cpu usage column for instance can be helpful to determine the cpu usage of a program spawning multiple processes, like Google Chrome for instance (last column in the screenshot).

Process Explorer 14 is available for download at the official Windows Sysinternals website. It is also possible to run Process Explorer directly from http://live.sysinternals.com/procexp.exe.

Many Windows users do not know that it is possible to display additional information in the Windows Task Manager. The following guide gives an overview on how to enable the display of additional information in the Windows Task Manager.

Loading the Windows Task Manager

The keyboard shortcut to load the Windows Task Manager is [Ctrl][Shift][Esc]. The task manager can also be loaded by right-clicking the Windows Taskbar and selecting Start Task Manager from the menu.

Windows Processes

Although it is not the left-most tab, the Processes tab is the default tab activated when opening the Task Manager. The Processes tab provides detailed information on running processes, such as CPU and memory usage, PID and user rights, and in newer Windows versions includes a short human-readable description of the process. By default the display is filtered, a click on the button labelled “Show processes from all users” will display all running processes.

A click on View > Select Columns opens a configuration menu to add columns to the display. Most of the additional information that can be enabled in this menu is intended for developers and administrators, but end users may find it helpful as well. For instance, it is possible to display the path of running processes, which can be very helpful to identify the program that has started the process.

The Memory Peak Working Set column is another interesting column that can be enabled. It displays the maximum amount of computer memory of each process in the task manager. The configuration menu can also be used to remove columns from the display in case they are not needed or used. A recommended setting is to keep all columns that are activated by default and add the Image Path Name and Memory – Peak Working Set columns.

Networking

The Networking tab displays information about each network adapter. Most Windows users will not see much information, if any at all, when they open the tab in the Windows Task Manager. Like the Processes tab, the Networking tab can be configured to display additional information by clicking on View > Select Columns.

In addition to the total amount of data transfer, separate graphs representing Bytes Sent and Bytes Received can be enabled. The network traffic will be monitored and displayed once the selections have been made.

These just two examples of Windows Task Manager tabs that can be configured to display additional information. The rest of the Task Manager can be similarly configured as well. End users will especially benefit from the additional information in the Processes tab. What other Task Manager configuration tips do you have? Let us know in the comments.

The software program works with a so called hitlist that is configured in the program’s settings. The hitlist basically contains names of processes that the user wants to include in the kill command. New processes can be added from the list of running processes that are displayed in an extra tab in the program or by entering the name of the process manually in a comma separated list in the interface or the hitlist.txt file directly.

All it takes to kill all processes that are listed in the hit list is to double-click the program icon of Auto Kill Any Process. This is a manual process and users who want to automate it need to use different applications like Kill Process (see: Batch Kill Processes with Kill Process) or Process Lasso (see: Process Lasso a Process Manager).

The configuration can be changed at anytime by launching the settings shortcut of the program. Auto Kill Any Process requires the Microsoft .net Framework 2.0. It should be compatible with most versions of Microsoft Windows and was tested on a system running Windows XP SP3. The download is available at the developer’s website.

Super Alt F4 has been designed to be an alternative to Alt F4′s polite request to terminate a process. The program will kill the process immediately without waiting for feedback from the process itself. The active process can be killed by pressing CTRL ALT F4. The downside of this method is that the process will be killed instantly which could mean that work will not be saved.

The developer of the software program has added another option to kill processes. The keyboard shortcut Windows F4 will turn the mouse cursor into a skull cursor. A left click on any program window will terminate that window immediately. A right-click will cancel the action and return the original cursor.

Super Alt F4 uses roughly 5 Megabytes of computer memory while running in the background. It will display a system tray icon by default which can be hidden by right-clicking the icon and selecting that option.

It probably makes sense to install Super Alt F4 (via Freeware Genius) on computer systems that tend to hang a lot because of unresponsive applications, windows and processes.

Update: SuperF4 has been updated several times since the last review. New features include support for 64-bit operating systems and a system tray icon. The developer has created a short demonstration video.

It walks you through the installation and functionality of the program.

You will be glad to know that the ps command will most certainly be already installed on your Linux machine, so there is no need to worry about installation.

Command structure

The basic command structure for ps is:

ps OPTION

Of course every good Linux command offers a lot of options, and ps is no exception. For this command we will just outline the best groupings of options together instead of just listing all of (or the best) options. This way you can skip right down to the command you need to use.

Show list of processes owned by a specific user

Say I want to list all processes owned by user jlwallen. To do this I could enter one of two commands:

ps ux

This will list out all processes that are owned by the user issuing the command. The results for this command will look like:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
jlwallen   560  0.0  0.3  18312  7376 ?        SNs  19:40   0:00 /etc/alternativ
jlwallen   561  0.0  0.1   7316  3932 pts/0    SNs  19:40   0:00 bash
jlwallen  1137  0.0  0.0   1644   416 ?        S    19:47   0:00 sleep 8
jlwallen  1141  0.0  0.0   1644   420 ?        S    19:47   0:00 sleep 8
jlwallen  1142  0.0  0.0   4384  1012 pts/0    RN+  19:48   0:00 ps ux

You can also get a similar listing with the command:

ps U jlwallen

The results of this command will be:

PID TTY      STAT   TIME COMMAND
560 ?        SNs    0:00 /etc/alternatives/x-terminal-emulator
561 pts/0    SNs    0:00 bash
1223 ?        S      0:00 sleep 8
1227 ?        S      0:00 sleep 8
1228 pts/0    RN+    0:00 ps U jlwallen

Show all processes

To see every process on your system you would enter the command:

ps aux

The results of this command would look similar to that of ps ux only it would show the process of every user as well as the system.

List the details of a single process

What about when you want to see the details of only a single process? Imagine issuing the command ps ux and having to search through all of the listings to find the information about the one process you are trying to gain information about. Say, for example, you need to find the PID (Process ID) of the currently running daemon for Dansguardian. You can use the ps command and pipe the results to the grep command to search the listing for a specific string and print out only the matching strings. To do this issue the command:

ps aux | grep dansguardian

which will print out something like:

113       2596  0.0  0.5  17852 11460 ?        Ss   06:49   0:00 /usr/sbin/dansguardian

Now you can see the PID of Dansguardian is 2596. You can kill this with the kill 2956 command.

Final thoughts

There are many more uses for the ps command as well as many more ways to use the ps command. The above three examples are the most often used, but don’t think you are limited to only those uses. Issue the command man ps and you will see a full listing of all the ps options available to you.

The five default tabs that are available in the Windows Task Manager are offered by DTaskManager plus the two additional Ports and Kernel Modules section. The program displays extensive information in each section of its interface, something that can only be partially achieved in the Windows Task Manager. The processes tab lists for example the path of the process and the cpu time by default.

The Ports section displays all network connections of the local computer system offering massive amounts of information that include the process name, local IP and port, remote IP and port, the protocol, path and socket status.

DTaskManager offers some advanced functions on how to deal with processes. It can for example kill processes the usual way, force the process to be closed and initiate an override to close the process which will bypass permissions as well. Another interesting feature is the ability to suspend tasks. This is a feature known from the Linux operating system which can temporarily halt tasks. That’s a handy feature in situations where all system resources are needed by a process as the user can suspend processes and resume them once the resources are not needed anymore for the priority process.

A few minor options are the ability to display the cpu and memory usage in the system tray. This can be displayed as a bar or as numerical values. DTaskManager is a solid and lightweight Windows Task Manager replacement. It is compatible with Windows 2000, Windows XP and Windows Vista.

The program comes with a process modules viewer which will display the various modules a process is accessing on a computer system. The modules are rated with the same rating system and can give additional information about the process in question. Additional options include the ability to explore the system directory of a process and to perform a action on selected processes.

Actions can be to ignore (the default value), close or delete a process on the computer system. Closing will simply kill the process on the system while deleting will try and delete the file on the hard drive so that the file cannot be executed anymore.

Microsoft processes can be removed from the display to get a better overview of the non-system processes that are running on the system. The main problem of Assassin SE is the lack of ratings for several known applications. It was not able to identify True Crypt, Foxit Reader or Newsbin Pro which are common applications. It did however identify Firefox, uTorrent and Skype.

The software program can be helpful when checking the processes that are running on a computer system. It still requires some manual research after being left with unknown and potentially dangerous processes but it helps at reducing the amount of processes that have to be checked.

The process manager displays a list of processes currently running on the system. By default hidden processes are hidden but they can easily be revealed in the interface. A right-click provides several possibilities to interact with the process. It is possible to open the program directory, perform a Google search, to set the priority of the process, look at its properties and create a rule for it.

The rules are basically permanent changes to the process. Everyone can set a process priority in the task manager but those priorities are reset when the process is killed. With rules users can make those changes permanent as long as the process manager is running in the background.

Even more interesting is the fact that you can set process priorities for visible and minimized applications and set a cpu core affinity and that each instance of the process should be distributed to different cores. Another interesting aspect are the special actions. Those can be defined if a process is started, ended or idle. Actions include to launch another application, to restart the process, to kill it or to show a tooltip.

End it all is a program that lets you close all selected processes and programs except for several system processes and those that you have selected not to close. When you start End it all you get a view that resembles the Windows Task Manager. All open processes and applications are displayed. Icons define if a process will be closed or killed if you press the buttons that initiate that.

A right click on a process  makes it possible to change the behavior to allow that it can be closed and / or killed when the button is pressed. Some processes are locked and can’t be changed at all to ensure that Windows continues to work properly.

The yellow icon means that End it all can close or kill the process, a red icon indicates a protected process that cannot be killed or closed. The icon with the X and the green border indicates processes that can be closed but not killed while a skull with a red border allows to kill the process but not to close it.

Talking about the difference between closing and killing. Closing gives the process a chance to close normally with special operations that are probably required during shutdown while killing a process stops it immediately which can lead to data loss.

Once everything is setup you can create a batch file that uses command line options to perform the required operation, i.e closing or killing all defined processes. The command START enditall /K would kill all processes. A full list of command line parameters can be obtained with the /? parameter.

But what if you want to do it automatically ? Say you happen to transcode videos every now and then and want that process to be below normal to continue working with your computer during the process. Or you would like to assign a higher process priority to a game that you like to play and that needs all the cpu cycles that it can get.

I can tell from personal experience that there are many applications where an automatic adjustment of the process priority would come in handy.

One tool that does the job is Prio, the Priority Saver. It adds this functionality to the Windows Task Manager. The most important feature that it introduces is the ability to save priorities for processes. To do that you simply select another process priority and check the Save Priority entry in the same menu as well.

Every time the process is started it will run with the selected priority from now on. The different colors are also added by Priority Saver. Green colors are assigned to processes with a digital signature while red colored ones do not have one. Hovering the mouse over a process will display a tooltip with additional information about it.

Priority Saver adds two new tabs to the Windows Task Manager as well which are called Services and TCP / IP.

The services tab displays all services currently installed on the system. This menu makes it possible to start and stop services and change their startup mode which makes the services.msc application redundant.

The TCP/IP tab displays all incoming and outgoing network connections of the computer. Tooltips aid in determining the process that is responsible for the connection.

Process Priority is free for personal use and runs fine in Windows XP. There is no information available about other supported operating systems.

This service is used by several backup applications to create backups of files that are currently in use, on the fly backups so to say. I knew that I did install two backup applications in the last week, Cobian Backup and MozyHome and I suspect that one of these was responsible for the change.

The real question however is if I need this service at all. It was using a little bit more than six Megabytes of RAM without any real benefit. I decided to stop the service and run a backup to see if it would go through and backup all the files selected. Since I’m not backing up any Windows system files I suspected that it would not make a difference.

I stopped the Volume Shadow Copy Service and the file vssvc.exe disappeared from the list of open processes. The backup completed without errors afterwards. Vssvc.exe has been set to disabled in Services.msc so that it does not get started accidentally if set to manually.

It would be different if you would backup system files regularly in Windows. Those files can’t be processed if they are in use at the moment of the backup if the Volume Shadow Copy Service is not running in the background.

A click on any process kills that process after verification that you really want to do that. The main purpose of Task Killer is to be quickly able to terminate hung processes and windows without having to load the Windows task manager. I like the display of all running processes and their memory consumption which really aids in finding out which tasks use a lot of resources.

This was actually the way that I found that MediaAgent.exe was running on my system which lead to another article I posted earlier today. Users can change the default behavior of Task Killer in the options. It is possible for instance to disable the confirmation dialog or to create shortcuts to access functions even faster.

via Lifehacker

Process Lasso can probably be described as a application that manages processes. This is however not a task manager replacement but a software that can be configured to automatically react in certain situations.

Those situations include processes that slow down the system by using way more cpu cycles to bring other applications and the system to a standstill or processes that are run in a higher priority when detected.

So, to keep it short. Process Lasso can be either run as a service in Windows or as a background task consuming only a low amount of resources handling processes that either use to much cpu cycles or those that you want to prioritize.

It can also stop any process that you select automatically from that time on. Another useful feature is that it logs all processes that are running on the system making it easy to identify any processes that could be harmful.

Read More:

Process Lasso Homepage

One way to find out additional information is to use a program like process explorer which displays more information about the processes currently running on your system. Process Explorer adds a description and company tab which reveals some information about the process.

You can configure process explorer to replace the task manager. Still, you might have information about the company and a description but sometimes there is no information about the process. What if there is no description but a company name like CMCEI. Would you be suspicious abot it ? I definately would be and now we come to websites that contain process lists of nearly every process on windows machines.

I would like to start with the list of the websites that are not spam, some websites give you some information but their main purposes is to sell a product. Two of the following sites have buttons to purchase products but they contain valuable information that make up for that. Don’t click on those buttons and you have nothing to fear.

• Process Library
• Windows Process and Task List
• Castle Cops
• Sysinfo

All but one of the websites mentioned above have a site search – simply enter a filename that you don’t know about and they will display the information they have about it. It is a very good idea to cross-check the results before you take action.

If the information states that the file could be a virus, trojan or worm you should take appropriate measures. The first one would be to download a anti-virus program like Free AV (AVG Antivirus, Avast)and scan your system using that tool. Make sure the antivirus software is up to date. You might also want to take a look at my article about free online scan websites, most require Internet Explorer but some work in Firefox as well.

You should also download and run anti-spyware programs like Spybot Search and Destroy or Adaware. I’ve written another article “how to detect and remove spyware” which might be helpful as well.

To sum it up:

• Download process explorer
• Use the websites mentioned above to find out more about the process in question
• Scan your system with antivirus software
• Scan your system with anti-spyware software